I’m excited to announce my newest online course. This is unlike any course I’ve done before and I’m making it available completely free.

The Cuckoo’s Egg Decompiled is a cross between an online course and a book club. Starting on November 9th, we’ll get together every Thursday night at 7:30 PM ET. Our “textbook” will be Cliff Stoll’s epic “The Cuckoo’s Egg”…the book that launched the career of many infosec practitioners and required reading for the field!

Each week I’ll review a few chapters of the book and we’ll tie Cliff’s experiences to modern themes in computer security. This series is ideal for people who are new to information security or want exposure to other facets of the field, but anyone is welcome. All you need is an internet connection and (optional) a copy of the book.

How can I join?

The weekly sessions are hosted LIVE online and free to attend. All you need to do is sign up and log in. You can register before the start of the next session. Registration IS REQUIRED and space is limited.

What will we do?

For each session, I’ll provide an overview of the reading and then lead a discussion about the topics presented in the book. I’ll tie in aspects of Cliff’s story to modern security themes, breaches, tools, and techniques. I’ll demonstrate techniques from the book that are still relevant, or their modern evolutions. You’ll have the opportunity to participate by chiming in with your own thoughts and experience, participating in group polls, or asking questions.

What work is required?

Ideally, you’ll come to each session having read the chapters we’ll discuss (I’ll tell you what those are ahead of time). Each week will cover around five chapters, which is only about 30-40 pages. Trust me, once you get started reading the book you’ll have a hard time putting it down. Couldn’t find the time to get the reading in this week? No problem, I’ll provide a quick rundown of the reading when we start.

Who is this class designed for?

This course is specifically designed for people who are new to information security, those who have been in infosec for only a couple of years, or high school and college students. Topics will be discussed at an entry-level with a focus on stimulating curiosity and steering you towards additional resources if you want to learn more. Of course, while this group is designed to be entry-level, participation from experienced practitioners is also welcome!

Is participation required?

Absolutely not! Feel free to sit back and listen. If you’d like to join in I’ll open up the floor periodically to voice or video participation. There will also be a live chat going the whole time and I’ll be monitoring a hashtag on Twitter.

Will the sessions be recorded?

Yes, recordings will be made available until the next session begins. Live participation is highly encouraged so you can participate in the discussion and get the most out of the time. After the class is completed, the entire set of recordings, along with my instructional materials, will be made available for free to high schools, universities, and full-time students.

What if I miss a week?

No problem! You can catch one of the recordings and just read the chapters we would have covered.

What is the schedule?

We’ll plan to meet on these days, but this is subject to change as we get further along.

Where can I sign up?

I’m excited to announce the release of the ELK for Security Analysis online course! The course description follows. Registration is open now (with early bird pricing), and the course officially opens next month.

You must master your data if you want to catch bad guys and find evil. But how can you do that? That’s where the ELK stack comes in.

ELK is Elasticsearch, Logstash, and Kibana and together they provide a framework for collecting, storing, and investigating network security data. In this course, you’ll learn how to use this powerful trio to perform security analysis. This isn’t just an ELK course, it’s a course on how to use ELK specifically for incident responders, network security monitoring analysts, and other security blue teamers.

You’ll learn the basics of:

Elasticsearch: How data is stored and indexed. Working with JSON documents.

Logstash: How to collect and manipulate structured and unstructured data.

Kibana: Techniques for searching data and building useful visualizations and dashboards.

Beats: Use the agent to ship data from endpoints and servers to your ELK systems.

I’ll also show you how to build complete data pipelines from ingest to search. This means you’ll get to watch step-by-step guides for dealing with security specific data types like:

HTTP Proxy Logs

File-Based Logs (Unix, auth, and application logs)

Windows Events & Sysmon Data

NetFlow Data

IDS Alerts

Dealing with any CSV file you’re handed

Parsing unstructured logs, no matter how weird they are

When you walk away from this course, you should be equipped with the skills you need to build a complete IDS alert console, investigation platform, or security analysis lab.

I’m really excited to announce the first ever public LIVE in person offering of my Investigation Theory course. The two-day course will be taught on site in Augusta, Georgia on September 13th and 14th, right ahead of the Security Onion Conference and BSides Augusta. If you were planning on coming for those conferences, you can come in a couple of days early for training. Alternatively, you can come for the course and stay for what I think is the best defensively focused pair of security conferences in the country.

This offering of Investigation Theory is delivered in person over two days. You’ll participate in lectures, individual labs, and team exercises aimed to help you become better at the underlying processes that help you become an effective security analyst. This will be a very interactive class designed to take advantage of the fact that we are together in person. You’ll also get to use Investigation Ninja, our custom simulation platform designed to teach investigation skills in a tool-agnostic, data-focused way!

Since the latest edition of Practical Packet Analysis has been released, so many people have been sending me pictures of their copies. It’s been so amazing that I’ve decided to make a contest of it and reward those of you who bought the book and are so enthusiastic about it!

About a month ago I shared that I am developing an online packet analysis course with the same name as the book. This course officially opens in June and is packed with over 40 hours of packet analysis videos and plenty of hands-on labs and packet captures for you to play around with. You can learn more about this course here: http://chrissanders.org/training/#ppa.

This is your opportunity to win a FREE seat in the course. But, it’s only if you’ve already purchased the book. I want you to take a picture of the book and send it to me at chris@chrissanders.org with the subject “PPA Photo Contest”. Now, it’s not quite that simple. I’m going to pick the winner based on who sends me the most creative picture. That can mean taking the book to an exotic locale, a simple action shot of you using the book to dissect some packets, or even a picture of the book with your dog. The sky is the limit, just don’t do anything illegal or dangerous 🙂

The official rules:

Your submission must be received by midnight EST on May 10th. If you were thinking about buying the book, this gives you a chance to purchase and receive it and still take your photo.

You must consent to allow me to share your picture on social media and my blog. I won’t share them all, but I will share some of my favorites.

I will pick one overall winner who will receive a free seat in the PPA online course. If you are already registered for this course, you can exchange that license for a seat in my Investigation Theory course.

I will pick a few “honorable mention” winners who will receive discount codes for any of my courses of your choosing, or free seats in my information security writing course.

So, what if you bought an electronic copy of the book? You can still enter! Just take your picture showing the book in your e-reader application or on your tablet. However, when you submit your entry please include a receipt showing your purchase. That can be a screenshot of your Amazon order page or the e-mail receipt from No Starch Press.

That’s it! The contest begins NOW and ends at midnight May 10th. I’m looking forward to seeing how creative you can be!

It’s easy to fire up Wireshark and capture some packets…but making sense of them is another story. There’s nothing more frustrating than knowing the answers you need lie in a mountain of data that you don’t know how to sift through. That’s why I wrote the first Practical Packet Analysis book a decade ago. That book is now in its third edition, has been translated into several languages, and has sold over 25,000 copies. Now, I’m excited to create an online course based on the book. The Practical Packet Analysis online course is the best way to get hands-on visual experience capturing, dissecting, and making sense of packets.

Practical Packet Analysis takes a fundamental approach by exploring the concepts you need to know without all the fluff that is normally associated with learning about network protocols. Everything you’ll learn is something you can directly apply to the job you have, or the job you want. The ability to understand packets is a critical skill for network engineers, system administrators, security analysts, forensic investigators, and programmers alike. This class will help you build those skills through a series of expert-led lectures, scenario-based demonstrations, and hands-on lab exercises.

The Practical Packet Analysis course is perfect for beginners to intermediate analysts, but seasoned pros will probably learn a few useful techniques too. Whether you’ve never captured packets before or you have and you struggle to manipulate them to effectively achieve your goals, this course will help you get over the hump. You’ll learn:

How networking works at the packet level.

How to interpret packet data at a fundamental level in hexadecimal or binary.

Techniques for capturing packets to make sure you’re collecting the right data.

How to interpret common network and transport layer protocols like IPv4, IPv6, ICMP, TCP, and UDP.

How to interpret common application layer protocols like HTTP, DNS, SMTP, and more.

Normal and abnormal stimulus and response patterns for common protocols.

Troubleshooting connectivity issues at the packet level.

Techniques for carving files from packet streams.

Understanding network latency and how to locate the source.

How common network attacks are seen by intrusion detection systems.

Techniques for investigating security alerts using packet data.

How malware communicates on the network.

Course Format

The Practical Packet Analysis course is delivered completely online using recorded video lectures that you can go through at your convenience. It is modeled like a college course and consists of lectures that overview critical concepts, demonstrations where I walk through packet captures, and lab exercises where you are given packet captures to work through on your own to practice the concepts you’ve learned. There is also a discussion forum where you can ask questions and share tips and tricks with other students. The course includes over 40 hours of video lecture content, and can be completed at whatever pace is comfortable for you.

Prerequisites

This course has no prerequisites, but a basic understanding of networking is helpful. It is delivered in English.

Cost

Introductory pricing for the course is $797 for a single user license. Bulk discounts are available for organizations that want to purchase multiple licenses (please contact me to discuss payment and pricing). A portion of the purchase price will go to support multiple charities including the Rural Technology Fund, the Against Malaria Foundation, and others.

You’ll receive:

6-month access to course video lectures and lab exercises

A Certification of Course Completion

Continuing Education Credits (CPEs/CEUs)


Applied Network Security Monitoring

Applied Network Security Monitoring is the essential guide to becoming an NSM analyst from the ground up. This book takes a fundamental approach, complete with real-world examples that teach you the key concepts of NSM.

Practical Packet Analysis

It's easy to capture packets with Wireshark, the world's most popular network sniffer, whether off the wire or from the air. But how do you use those packets to understand what's happening on your network? This extensively revised second edition of the best-selling Practical Packet Analysis will teach you how to make sense of your PCAP data.

100% of the author royalties for sales of Practical Packet Analysis go to support the Rural Technology Fund

Rural Technology Fund

Established in 2008, the Rural Technology Fund (RTF) seeks to reduce the digital divide between rural communities and their more urban and suburban counterparts. This is done through targeted scholarship programs, community involvement, and the general promotion and advocacy of technology in rural areas.